Last updated: March 2025
We collect your email address, trade data imported from connected exchanges (symbols, PnL, timestamps), profile information you provide (display name, bio), and usage data for analytics.
We use your data to provide the trading journal service, calculate streaks and performance analytics, send notifications about badges and records, and improve the platform.
Exchange API keys are encrypted using AES-256-GCM before storage. Encryption keys are stored separately from data. API keys are never logged, transmitted to third parties, or used for anything other than importing your trade history.
We do not sell your data. We share data only with service providers necessary to run BitDiary (Supabase for database, Cloudflare R2 for storage). We may disclose data if required by law.
If you enable your public profile, your display name, bio, and trading stats you choose to share become publicly accessible. You can disable this at any time in Settings.
We retain your data for as long as your account is active. You may request account deletion at any time, which will permanently delete all your data within 30 days.
We use cookies for authentication sessions (Supabase Auth). We do not use tracking or advertising cookies.
We implement industry-standard security measures including AES-256-GCM encryption, HTTPS, and Row Level Security on our database. However, no method of transmission over the internet is 100% secure.
You have the right to access, correct, or delete your personal data. Contact us to exercise these rights. EU residents have additional rights under GDPR.
For privacy questions, contact us at privacy@bitdiary.org